Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Balderick

  1. Hi all, I have a question about join or inner join; not sure in what way it should be used. I now use 2 queries in 2 different databases (made in phpmyadmin). SELECT `title` FROM `writers` WHERE id ='qwert58efedd1979f'; SELECT `name`, `lastname`, `str`, `nr`,` place` FROM `client` WHERE id ='qwert58efedd1979f'; I would like to make one mysql query and use join to search in 2 tables in 2 different databases. Can anyone tell how mysql does this?
  2. Wait ................ I saw the light after adding brackets to $array_of_val1 thanks for the help .
  3. I added this code in the loop : while ($stmt->fetch()) { $array_of_val1 = array($val1); var_dump($array_of_val); } but the result is that the both the offsets appear to be 0 and not 0 and 1 .
  4. why should the output be called from within the function?
  5. Hi All, I'm looking for a solution in using a function. The function fetches data from a database. In a column multiple results are found. I want to have all the records outisde the function. Inside the function all records are shown, but outside only the last record. I thought I could use return array, but it only returns multiple variables and not multiple rows. Not sure if fetch() is the solution for arrays. example: <?php function test_func($val4) { global $val1; global $val2; global $val4; $servername = "host"; $username = "johndoe"; $password = "admin"; $dbname = "dbase_db"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } // if ($stmt = $conn->prepare("SELECT col1, col2 FROM table WHERE col4 = ? ; ")) { $stmt->bind_param("s", $val4); $stmt->execute(); $stmt->store_result(); $num_of_rows = $stmt->num_rows; var_dump($num_of_rows); $stmt->bind_result($val1, $val2); if ($num_of_rows > 0){ while ($stmt->fetch()) { // managed to output multiple rows here, but that's not the goal } return array ($val1, $val2); } } } $val4='form_value'; test_func($val4); // return multiple rows here, outside the function How should I solve this?
  6. <html> <head> <script type="text/javascript"> function CheckColors(val){ var element=document.getElementById('color-test'); if(val=='pick a color'||val=='others') element.style.display='block'; else element.style.display='none'; } </script> </head> <body bgcolor='lime'> <div style="margin-left: 400px; margin-top:100px; width: 200px; height: 200px; border: solid blue 1px; display: inline-block; float: left;"> <p style=""> name </p> <p style=""> ball </p> <p style=""> color </p> </div> <div style="margin-left: 50px; margin-top:100px; width: 200px; height: 200px; border: solid blue 1px; display: inline-block; float: left;"> <p><input type ="text" ></p> <p><input type ="text" ></p> <select name="color" onchange='CheckColors(this.value);'> <option>pick a color</option> <option value="red">RED</option> <option value="blue">BLUE</option> <option value="others">others</option> </select> <p><input type="text" name="color" id="color-test" style='display:none;'/></p> </div> </body> </html> I created an example script of a situation I would like to solve. There are 2 divs. The right div receives an extra input field when onChange detects an event. In the left div there should also be a new html element like <p>. How can I program this with javascript?
  7. yes, thank you dsonesuk that worked very well.
  8. Hi I would like to customize a specific toggle slider. I managed to make the example larger, but now the toggle moves only a little and not across the entire switch. ( I set width to 160 in the .switch class) example: <!DOCTYPE html> <html> <head> <style> .switch { position: relative; display: inline-block; width: 160px; height: 34px; } .switch input {display:none;} .slider { position: absolute; cursor: pointer; top: 0; left: 0; right: 0; bottom: 0; background-color: #ccc; -webkit-transition: .4s; transition: .4s; } .slider:before { position: absolute; content: ""; height: 26px; width: 26px; left: 4px; bottom: 4px; background-color: white; -webkit-transition: .4s; transition: .4s; } input:checked + .slider { background-color: #2196F3; } input:focus + .slider { box-shadow: 0 0 1px #2196F3; } input:checked + .slider:before { -webkit-transform: translateX(26px); -ms-transform: translateX(26px); transform: translateX(26px); } /* Rounded sliders */ .slider.round { border-radius: 34px; } .slider.round:before { border-radius: 50%; } </style> </head> <body bgcolor='teal'> <center><br><br> <h2>Toggle Switch</h2> <label class="switch"> <input type="checkbox"> <div class="slider"> Tekst</div> </label> <br><br> </center> </body> </html> So anyone any suggestions how to slide the toggle over the entire switch?
  9. I would like to create a a random number with random_bytes(). Can I just store the random_bytes output in the database field? Is that for instance more secure? And, regarding to sending it by email, what is the advantage above sending a code like uniqid() or md5($_POST['var'] + microtime() ? I see the screen output is a bit uncommon (with ? in a diamond ) does that have to do with the encryption? And is that the reason why reason bin2hex is used to decrypt? this is the code I would like to use: <html> <center> <br><br><br> the output of the function random_bytes is: <br><br> <?php $num = random_bytes(15); echo '<br><br>' . $num ; echo '<br><br> var dump of random_bytes with bin2hex: ' ; echo bin2hex($num); ?> </center></html>
  10. what do bind_param and execute do actually? How should the parameters for these functions be used? I'm looking for good and extended tutorial info online, but about this subject there's not much, a lot of tuts seem to be outdated, use other coding not related to OOP. This is rather sad but for programmers but good info (especially for security matters) would be welcome.
  11. I tried these variations: $count = 1 $stmt = $conn->prepare('UPDATE table SET count = count + ? WHERE unique_nr = ? '); and: $stmt = $conn->prepare('UPDATE table SET count = count + 1 WHERE unique_nr = ? '); bind_param is set to: $stmt->bind_param("ii", $count, $unique_nr); I even made a mysqli routine but this also didnt work. What did work was the mysql query input in the console: mysql> UPDATE table SET count = count + 1 WHERE unique_nr = 267334; The thing is with the console input is that when the value of count was NULL I wasnt able to update the column but once I first set it at 1 I could use the above query. What is the reason for that? And do you have any clue how to solve it? Edit: and is there a way to auto_increment 2 columns in one table?
  12. it was a number, but changing that doesnt solve the problem.
  13. But I also changed this code: $stmt = $conn->prepare('UPDATE table SET count = count + 1 WHERE unique_nr = ? '); in $count= 1; $stmt = $conn->prepare('UPDATE table SET count = count + ? WHERE unique_nr = ? '); the result here is that I have no error message, but there is nothing added to the column.
  14. In phpmyadmin I did the following query and had it output in php like this: $sql = "UPDATE `table` SET count = count + 1 WHERE unique_nr = 5175781"; this all worked well. though when I tried to implement it in my script I had an error: script: <?php // code to establish dbase connection: var_dump($unique_nr); // $stmt = $conn->prepare('UPDATE table SET count = ? WHERE unique_nr = ? '); $stmt = $conn->prepare('UPDATE table SET count = count + 1 WHERE unique_nr = ? '); $stmt->bind_param("is", $count, $unique_nr); $stmt->execute(); ?> resulting in an error message. I also tried this way of writing for bind_param: $stmt->bind_param("s", $unique_nr); but that didnt update the column, though there wasnt an error message anymore
  15. <?php if (empty($count)) { $count=''; } if ($count == '') { $count ='1'; } else { $count++ ; } echo $count; echo '<br>'; ?> My goal is to make a script that increments $count ever time someone downloads the page. Can this be done without 'storing' the $count value? Or should I create a script with fwrite/fopen or $_SESSION?
  16. yes dsonesuk thanks a lot again. But I also removed a comma after num_once .
  17. Hi people I have a table created like this: -- -- Database: `mydatabase` -- -- -------------------------------------------------------- -- -- Tablestructure for table `table_name` -- CREATE TABLE `table_name` ( `num` int(4) NOT NULL, `fol_num` int(7) DEFAULT NULL, `col3` varchar(30) DEFAULT NULL, `col4` int(1) DEFAULT NULL, `num_nonce` varchar(20) DEFAULT NULL, `col6` varchar(30) DEFAULT NULL, `col7` varchar(15) DEFAULT NULL, `col8` varchar(15) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=latin1; -- I also created a function and the goal of the function is to read the random number from fol_num with a mysql query with WHERE. fol_num should match with the number found and show num_nonce belonging to that record. query: SELECT num_nonce, FROM table_name WHERE fol_num = ? ; function: <?php function my_func() { // global global $fol_num; global $num_nonce; $servername = "localhost"; $username = "myname"; $password = "mypassword"; $dbname = "mydatabase"; // Create connection $conn = new mysqli($servername, $username, $password, $dbname); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } var_dump($fol_num); // select nonce from database table $stmt = $conn->prepare("SELECT num_nonce, FROM table_name WHERE fol_num = ? ;" ) ; $stmt->bind_param('is', $fol_num, $num_nonce); $stmt->execute(); $stmt->bind_result($fol_num, $num_nonce); $stmt->fetch(); var_dump($num_nonce); // var_dump($fol_num2); //$stmt->close(); $conn->close(); } my_func(); ?> I receive errors that sound like: Fatal error: Uncaught Error: Call to a member function bind_param() on boolean in ...... pointing to this line: $stmt->bind_param('is', $fol_num, $num_nonce); what is not good and how to solve it?
  18. I take some time to read it. I made functions before to filter out bad input; inserted with the <input> tag. But I have the feeling that that's not enough. My idea is that it is possible to use other tags and attributes like <form action = 'misdirection_script.php'> . (Sorry to ask but I'm a real noob in javascript and I feel a bit foolish to start with javascript and have 'hack' intentions )
  19. Is there a way to prevent that a malicious person crafts a piece of code that changes the value of an action attribute? Like when you have this line of html: <form method="post" name="register" action="<?php echo $_SERVER['PHP_SELF']; ?>"> but the attacker places the entire script on his own server. Is this XSS? What are the consequences of gaining/finding protected data? If this kind of attack is possible, can someone show with an example how this is done?
  20. To be honest I dont have a real 'attack scenario' . Sorry guys . I think as a programmer and not from the wrong side. I do that because I assume there are numerous attacks possible. I have been reading at OWASP; this offers obviously some standard procedures. is it possible to simulate a domain name? Like for instance a virtual host or probably an ipadress with a crafted domain name? ( I know it's not possible) having the same name as the target and then make a cookie that hijacks a session? or is this far-fetched?
  21. hi there, I bumped into the use of session_set_cookie_param() and was thinking about how to limit access for undesired users. Besides lifetime, I thought it would be effective to set the domain param. But how effective is this in real? Isn't it also possible to spoof domain names. (as a lot can be crafted ). is there any evidence this can be done and if so how to avoid it? Like cloaking domains or so or is that exaggerating and time consuming?
  • Create New...